
Virus that steals passwords from apps connected to browsers



Folks, I work as a freelancer on the internet and I need to solve this problem on my computer. I've already run Kaspersky and it doesn't catch the viruses. I almost lost my clients' accounts, and I'm worried :(

My PC can't get through ZA-Scan (it runs for nights on end and doesn't generate the log)

In another malware removal post here I saw a routine using other programs (ADW and ZHP Cleaner); I followed it and generated the logs, which I'll attach.

Thanks in advance

AdwCleaner[S02][1].txt ZHPCleaner_(S)[1].txt


  • Security Analyst

@k00rg

 

Please pay attention to the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right;
  • What is passed along here relates only to your computer's problem, so do not use it on any other;
  • IMPORTANT: If you have Windows activation programs or p2p/torrent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully, and if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!


Rules of the Malware Removal Area << IMPORTANT TO READ

General Rules of the Clube do Hardware Forum << IMPORTANT TO READ
 

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download RogueKiller by Tigzy and save it to your desktop

roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users: Right-click the rogueKiller.exe file, then click image.png
  • Click SCAN
  • Click the first START, "Standard Scan (recommended)", and wait for the scan...
  • Click the RESULTS button
  • Click the REPORT option, then EXPORT, and select the Text file... option
  • Save the file to the desktop with the name roguekiller_report

Be sure to open the file, copy its entire contents and paste them into your next reply


Here is the RogueKiller report:

 

 

RogueKiller Anti-Malware V15.0.9.0 (x64) [Aug  5 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210805_090601, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/08/06 20:03:06 (Duration : 00:04:17)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.WinZipDiskTools (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Nico Mak Computing -- N/A -> Found
  [PUP.WinZipDiskTools (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Nico Mak Computing -- N/A -> Found
  [PUP.WinZipDiskTools (Potentially Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\Nico Mak Computing -- N/A -> Found
  [PUP.WinZipDiskTools (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-162750532-2239188513-3536986092-1001\Software\Nico Mak Computing -- N/A -> Found
  [PUP.WinZipDiskTools (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\Nico Mak Computing -- N/A -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] (folder) KMSAutoS -- C:\ProgramData\KMSAutoS -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 


  • Security Analyst

@k00rg

 

  1. Click the Start menu, then right-click This PC and select the Properties option.
  2. In Properties, select the Advanced system settings option.
  3. Go to the System Protection tab and, under System Restore, choose the Create option.
    NOTE: Make sure the restore point is created correctly
  4. Then just follow the on-screen instructions to create your restore point.
    NOTE: Remember to give it an easy-to-understand name for a later restore from this point.

Press the Windows + R keys and type: msconfig
- Click the Services tab, check the option Hide all Microsoft services and then click Disable all
- Click the Startup tab and click Open Task Manager
- Right-click each startup entry and click Disable.

Go back to the System Configuration window and click Apply and then OK

Follow the prompts until you are asked to restart.

Let me know whether everything went OK or whether any problem occurred.


Hey, everything went fine. I created a restore point on the system partition only. Would it be necessary to do it on the other partitions too? (I have D and E)

What do we do from this step on? Thanks


  • Security Analyst

@k00rg

 

11 hours ago, k00rg said:

Would it be necessary to do it on the other partitions too? (I have D and E)

Only on the system partition.

 

Download Farbar Recovery Scan from the link below and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
Right-click the FRST64.EXE file, then click http://i.imgur.com/VRIfczU.png .

Accept the agreement and then click the Scan/Examinar button. Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your desktop.

Open each file separately, copy its contents and paste them into your next reply.


Hey, here are the logs pasted here

 

 

FRST

 

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 11-08-2021
Executado por user (administrador) em DESKTOP-SKID6P9 (13-08-2021 12:57:38)
Executando a partir de C:\Users\user\Downloads
Perfis Carregados: user
Platform: Windows 10 Pro Versão 21H1 19043.1165 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-162750532-2239188513-3536986092-1001\...\Run: [Steam] => D:\Gustavo\Programas\Steam.exe [4110568 2021-07-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-162750532-2239188513-3536986092-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-07-27] (Logitech Inc -> Logitech, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-04] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {31EF498F-AA6D-4C0A-9E13-66A9445C5402} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {32F51B15-97CF-4860-9E26-E9A7AD52454F} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {54861B05-487B-44D6-8A23-52301CCAA576} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {5CAEEABD-4745-401C-9305-D700267D7FC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E22BAC2-7F7F-4D4F-A6B7-39C569544217} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {842B53E1-0E32-404D-B1FB-22A81D681106} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-21] (Google LLC -> Google LLC)
Task: {96DC1986-1C34-4940-B089-3537BFC9CF3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-21] (Google LLC -> Google LLC)
Task: {97861DB0-98A2-412C-9BA9-DEFC23C5618E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A77E3340-7CB2-4B5B-8BBE-BFFE52C51960} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-SKID6P9-user DESKTOP-SKID6P9 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [470720 2016-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E365ECE2-6107-4D80-B9B5-9604835E6FBA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682424 2021-07-16] (Mozilla Corporation -> Mozilla Foundation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{b692624e-a842-4d6b-90bf-e15bc4adf099}: [DhcpNameServer] 1.1.1.1 1.0.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-13]
Edge Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-08-05]
Edge HKU\S-1-5-21-162750532-2239188513-3536986092-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: w9u8mkdq.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\w9u8mkdq.default [2021-07-31]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6mbdhli9.default-release [2021-07-31]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-08-13]
CHR Extension: (Apresentações) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-03]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-08-03]
CHR Extension: (Documentos) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-03]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-03]
CHR Extension: (Planilhas) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-03]
CHR Extension: (Documentos Google off-line) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-03]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-03]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe [184768 2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2021-07-27] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [368360 2021-06-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10752928 2021-07-27] (Logitech Inc -> Logitech, Inc.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13946200 2021-08-05] (ADLICE (ASCOET JULIEN) -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657696 2021-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1439456 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [273176 2021-07-26] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [96008 2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [263888 2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [309104 2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [115744 2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [224880 2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-07-27] (Logitech Inc -> Logitech)
S3 logi_generic_hid_filter; C:\Windows\system32\drivers\logi_generic_hid_filter.sys [55624 2021-07-27] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-07-27] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\Windows\system32\drivers\logi_joy_hid_filter.sys [56656 2021-07-27] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\Windows\system32\drivers\logi_joy_hid_lo.sys [45904 2021-07-27] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-07-27] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-07-27] (Logitech Inc -> Logitech)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-07-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425192 2021-07-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-22] (Microsoft Windows -> Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-08-13 12:57 - 2021-08-13 12:58 - 000016108 _____ C:\Users\user\Downloads\FRST.txt
2021-08-13 12:56 - 2021-08-13 12:57 - 000000000 ____D C:\FRST
2021-08-13 12:55 - 2021-08-13 12:55 - 002300416 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2021-08-13 11:41 - 2021-08-13 11:41 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-08-13 11:41 - 2021-08-13 11:41 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-08-13 11:41 - 2021-08-13 11:41 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-08-13 11:41 - 2021-08-13 11:41 - 000011347 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-08-13 11:40 - 2021-08-13 11:40 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-08-13 11:40 - 2021-08-13 11:40 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-08-13 11:40 - 2021-08-13 11:40 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-08-13 11:35 - 2021-08-13 11:35 - 000000000 ___HD C:\$WinREAgent
2021-08-09 23:21 - 2021-08-09 23:25 - 000002442 _____ C:\Users\user\Desktop\roguekiller2.txt
2021-08-09 22:12 - 2021-08-09 22:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-08-06 20:08 - 2021-08-06 20:08 - 000003762 _____ C:\Users\user\Desktop\roguekiller_report.txt
2021-08-06 19:50 - 2021-08-06 20:02 - 000001080 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-08-06 19:50 - 2021-08-06 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-08-06 19:50 - 2021-08-06 19:50 - 000000000 ____D C:\Program Files\RogueKiller
2021-08-06 19:49 - 2021-08-06 19:51 - 000000000 ____D C:\ProgramData\RogueKiller
2021-08-06 19:49 - 2021-08-06 19:49 - 041875792 _____ (Adlice Software ) C:\Users\user\Downloads\RogueKiller_setup.exe
2021-08-05 14:05 - 2021-08-05 14:05 - 000009855 _____ C:\Users\user\Desktop\ZHPCleaner (S).html
2021-08-05 14:05 - 2021-08-05 14:05 - 000003311 _____ C:\Users\user\Desktop\ZHPCleaner (S).txt
2021-08-05 13:57 - 2021-08-05 14:05 - 000000000 ____D C:\Users\user\AppData\Roaming\ZHP
2021-08-05 13:57 - 2021-08-05 13:57 - 000000000 ____D C:\Users\user\AppData\Local\ZHP
2021-08-05 13:57 - 2021-08-02 12:07 - 003258520 _____ (Nicolas Coolman) C:\Users\user\Desktop\ZHPCleaner.exe
2021-08-05 13:56 - 2021-08-05 13:56 - 002822255 _____ C:\Users\user\Downloads\ZHPCleaner.zip
2021-08-05 13:53 - 2021-08-05 13:53 - 000001649 _____ C:\Users\user\Desktop\AdwCleaner[S02].txt
2021-08-05 05:20 - 2021-08-05 05:25 - 000000474 _____ C:\runcheck.txt
2021-08-05 05:20 - 2021-08-05 05:20 - 000000000 ____D C:\zoek_backup
2021-08-05 05:20 - 2021-08-05 05:20 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer
2021-08-05 05:20 - 2021-08-05 05:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-08-05 05:20 - 2021-08-05 05:20 - 000000000 ____D C:\Program Files\MSBuild
2021-08-05 05:20 - 2021-08-05 05:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-08-05 05:20 - 2021-08-05 05:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-08-05 05:09 - 2018-04-18 00:39 - 002038755 _____ C:\Users\user\Desktop\ZA-Scan.exe
2021-08-05 05:08 - 2021-08-05 05:08 - 006102389 _____ C:\Users\user\Downloads\zoek.zip
2021-08-03 21:54 - 2021-08-03 21:54 - 000000000 ____D C:\Users\user\AppData\Local\OneDrive
2021-07-31 17:28 - 2021-07-31 17:27 - 008553680 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner_8.3.0.exe
2021-07-31 17:27 - 2021-07-31 17:43 - 000000000 ____D C:\AdwCleaner
2021-07-31 17:19 - 2021-07-31 17:19 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2021-07-30 23:25 - 2021-08-04 00:55 - 001241848 ____H (Carifred) C:\Users\user\Desktop\UltraAdwareKiller64.exe
2021-07-30 23:13 - 2021-08-04 01:30 - 000964154 _____ C:\Windows\ntbtlog.txt
2021-07-30 23:10 - 2021-07-30 23:10 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2021-07-30 23:07 - 2021-07-30 23:04 - 013465848 _____ (Carifred) C:\Users\user\Desktop\UltraAdwareKiller.exe
2021-07-30 23:06 - 2021-08-04 00:55 - 000000000 ____D C:\ProgramData\Ultra Adware Killer
2021-07-30 22:58 - 2021-07-30 22:58 - 000007605 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2021-07-30 07:38 - 2021-07-30 07:38 - 000002713 _____ C:\Users\user\Desktop\Equipos (real).xlsx - Microsoft Excel Online.lnk
2021-07-30 07:38 - 2021-07-30 07:38 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome
2021-07-29 21:19 - 2021-07-29 21:19 - 000000000 ____D C:\ProgramData\Slightly Mad Studios
2021-07-29 15:49 - 2021-07-29 15:49 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-07-29 15:49 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2021-07-29 15:49 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus2.sys
2021-07-29 15:38 - 2021-07-29 15:38 - 000001077 _____ C:\Users\user\Desktop\AmpliTube 5.lnk
2021-07-29 15:23 - 2021-07-29 15:23 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2021-07-29 15:23 - 2021-07-29 15:23 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2021-07-29 15:16 - 2021-08-12 18:18 - 000000016 _____ C:\Windows\system32\w3data.vss
2021-07-29 15:16 - 2021-08-12 18:18 - 000000016 _____ C:\Windows\system32\msvcsv60.dll
2021-07-29 15:16 - 2021-08-12 18:18 - 000000016 _____ C:\Windows\msocreg32.dat
2021-07-29 15:16 - 2021-08-12 18:18 - 000000016 _____ C:\Users\user\AppData\Roaming\msregsvv.dll
2021-07-29 15:16 - 2021-08-12 18:18 - 000000016 _____ C:\ProgramData\autobk.inc
2021-07-29 15:16 - 2021-07-29 15:16 - 000000000 ____D C:\Users\user\AppData\Roaming\IK Multimedia
2021-07-29 15:12 - 2021-07-29 15:12 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Custom Shop.lnk
2021-07-29 15:12 - 2021-07-29 15:12 - 000000000 ____D C:\Users\user\Documents\IK Multimedia
2021-07-29 15:12 - 2021-07-29 15:12 - 000000000 ____D C:\Users\user\AppData\Local\customshop-updater
2021-07-29 15:12 - 2021-07-29 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2021-07-29 15:12 - 2021-07-29 15:12 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-07-29 15:09 - 2021-07-29 15:12 - 000000000 ____D C:\Program Files\VstPlugIns
2021-07-29 15:09 - 2021-07-29 15:12 - 000000000 ____D C:\Program Files\IK Multimedia
2021-07-29 15:09 - 2021-07-29 15:09 - 000000000 ____D C:\Program Files\Common Files\Avid
2021-07-29 15:04 - 2021-07-29 15:04 - 000003658 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 2
2021-07-29 15:04 - 2021-07-29 15:04 - 000003656 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 3
2021-07-29 15:04 - 2021-07-29 15:04 - 000003656 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 1
2021-07-29 15:04 - 2021-07-29 15:04 - 000002087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2021-07-29 15:04 - 2021-07-29 15:04 - 000000000 ____D C:\Users\user\AppData\Local\WinZip
2021-07-29 15:04 - 2021-07-29 15:04 - 000000000 ____D C:\ProgramData\WinZip
2021-07-29 15:04 - 2021-07-29 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2021-07-29 15:04 - 2021-07-29 15:04 - 000000000 ____D C:\Program Files\WinZip
2021-07-29 15:03 - 2021-07-29 15:03 - 000000000 ____D C:\ProgramData\UniqueId
2021-07-28 23:40 - 2021-07-28 23:40 - 000000000 ____D C:\Windows\system32\lxss
2021-07-28 23:38 - 2021-07-13 14:06 - 001474704 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-07-28 23:38 - 2021-07-13 14:06 - 001212560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-07-28 23:38 - 2021-07-13 14:02 - 001520776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-07-28 23:38 - 2021-07-13 14:02 - 000716912 _____ C:\Windows\system32\nvofapi64.dll
2021-07-28 23:38 - 2021-07-13 14:02 - 000676480 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-07-28 23:38 - 2021-07-13 14:02 - 000645232 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-07-28 23:38 - 2021-07-13 14:02 - 000577152 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-07-28 23:38 - 2021-07-13 14:02 - 000564352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-07-28 23:38 - 2021-07-13 14:01 - 002112128 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-07-28 23:38 - 2021-07-13 14:01 - 001595520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-07-28 23:38 - 2021-07-13 14:01 - 001171072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-07-28 23:38 - 2021-07-13 14:01 - 000919168 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-07-28 23:38 - 2021-07-13 14:01 - 000750208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-07-28 23:38 - 2021-07-13 14:01 - 000706176 _____ (NVIDIA Corporation) C:\Windows\system32\NVIDIA-smi.exe
2021-07-28 23:38 - 2021-07-13 14:00 - 008854144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-07-28 23:38 - 2021-07-13 14:00 - 007920768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-07-28 23:38 - 2021-07-13 14:00 - 005680760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-07-28 23:38 - 2021-07-13 14:00 - 004987520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-07-28 23:38 - 2021-07-13 14:00 - 002925696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-07-28 23:38 - 2021-07-13 14:00 - 000447104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-07-28 23:38 - 2021-07-13 13:59 - 000849008 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-07-28 23:38 - 2021-07-12 08:32 - 000083062 _____ C:\Windows\system32\nvinfo.pb
2021-07-28 23:38 - 2021-07-12 08:32 - 000037664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2021-07-28 23:29 - 2021-07-28 23:29 - 000000000 ____D C:\Windows\pss
2021-07-28 22:59 - 2021-07-28 22:59 - 000000000 ____D C:\Users\user\Desktop\Carspersky
2021-07-28 03:53 - 2021-07-28 03:53 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2021-07-28 03:53 - 2021-07-28 03:53 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2021-07-28 03:53 - 2021-07-28 03:53 - 000000000 ____D C:\Windows\system32\RTCOM
2021-07-28 03:53 - 2021-07-28 03:53 - 000000000 ____D C:\Windows\system32\DAX3
2021-07-28 03:53 - 2021-07-28 03:53 - 000000000 ____D C:\Windows\system32\DAX2
2021-07-28 03:53 - 2021-07-28 03:53 - 000000000 ____D C:\Program Files\Realtek
2021-07-28 03:52 - 2021-07-28 03:54 - 000000000 ___HD C:\Program Files (x86)\Temp
2021-07-28 03:52 - 2017-10-18 16:05 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2021-07-28 03:52 - 2017-10-18 16:05 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2021-07-28 03:52 - 2017-10-18 16:05 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2021-07-28 03:52 - 2017-10-18 16:05 - 001337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2021-07-28 03:52 - 2017-10-18 16:05 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2021-07-28 03:52 - 2017-10-18 16:05 - 000604784 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2021-07-28 03:52 - 2017-10-18 16:05 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 003121112 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 001435128 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000532368 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000381400 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000158688 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2021-07-28 03:52 - 2017-10-18 16:04 - 000075528 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 003410320 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 000986992 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 000965016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 000866632 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 000231904 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 000090904 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2021-07-28 03:52 - 2017-10-18 16:03 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 003509192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 001016920 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000868168 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000526272 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000387304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000343696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2021-07-28 03:52 - 2017-10-18 16:02 - 000088336 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 006463152 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 005938904 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 003561920 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 003135776 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 001351224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000680536 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000447704 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000406440 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000366112 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000360336 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000321704 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000321704 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000203832 _____ (Harman) C:\Windows\system32\HMHVS.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000190920 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000190920 _____ (Harman) C:\Windows\system32\HMEQ.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000179584 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000151776 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000134184 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2021-07-28 03:52 - 2017-10-18 16:01 - 000084600 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 005346984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 002444672 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 001965800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 001959592 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 001780608 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 001508920 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 001259720 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000727424 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000708304 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000504296 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000445384 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000441256 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000362040 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000327440 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000310408 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000253888 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000253856 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2021-07-28 03:52 - 2017-10-18 16:00 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2021-07-28 03:52 - 2017-10-18 15:59 - 001544240 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2021-07-28 03:52 - 2017-10-18 15:59 - 001372376 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2021-07-28 03:52 - 2017-10-18 15:59 - 000272704 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2021-07-28 03:52 - 2017-10-18 15:58 - 072520704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2021-07-28 03:52 - 2017-10-18 15:58 - 006007720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2021-07-28 03:52 - 2017-10-18 15:58 - 003677152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2021-07-28 03:52 - 2017-10-18 15:58 - 003205112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2021-07-28 03:52 - 2017-10-18 15:58 - 002922976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2021-07-28 03:52 - 2017-10-18 15:58 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2021-07-28 03:52 - 2017-10-18 15:58 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 007172904 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 007096176 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 006264624 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 001159168 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 001003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 000416496 _____ (Harman) C:\Windows\system32\HMUI.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 000378368 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2021-07-28 03:52 - 2017-10-18 15:57 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2021-07-28 03:52 - 2017-10-18 15:56 - 000118576 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2021-07-28 03:52 - 2017-10-18 15:56 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2021-07-28 03:52 - 2017-10-18 15:26 - 014008149 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2021-07-28 03:52 - 2017-10-18 15:26 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2021-07-28 03:52 - 2017-07-21 06:17 - 002839488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2021-07-28 03:35 - 2021-07-28 03:35 - 000000000 ____D C:\Users\user\AppData\Local\id Software
2021-07-28 00:34 - 2021-07-28 23:19 - 000000000 ____D C:\Users\user\Documents\Battlefield 1
2021-07-27 22:56 - 2021-07-27 22:56 - 000000718 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2021-07-27 22:56 - 2021-07-27 22:56 - 000000000 ___HD C:\Program Files\Common FilesEAInstaller
2021-07-27 21:38 - 2021-08-11 22:44 - 000000000 ____D C:\Users\user\AppData\Local\D3DSCache
2021-07-27 21:38 - 2021-07-29 20:00 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-07-27 21:38 - 2021-07-28 23:15 - 000000000 ____D C:\Program Files (x86)\Origin
2021-07-27 21:38 - 2021-07-27 23:35 - 000000000 ____D C:\ProgramData\Electronic Arts
2021-07-27 21:38 - 2021-07-27 21:38 - 000001062 _____ C:\Users\Public\Desktop\Origin.lnk
2021-07-27 21:38 - 2021-07-27 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2021-07-27 21:36 - 2021-07-30 04:04 - 000000000 ____D C:\Users\user\AppData\Roaming\Origin
2021-07-27 21:36 - 2021-07-30 04:04 - 000000000 ____D C:\ProgramData\Origin
2021-07-27 21:36 - 2021-07-29 19:57 - 000000000 ____D C:\Users\user\AppData\Local\Origin
2021-07-27 21:36 - 2021-07-27 21:36 - 063653408 _____ (Electronic Arts) C:\Users\user\Downloads\OriginThinSetup.exe
2021-07-27 21:36 - 2021-07-27 21:36 - 000000000 ____D C:\Users\user\.QtWebEngineProcess
2021-07-27 21:36 - 2021-07-27 21:36 - 000000000 ____D C:\Users\user\.Origin
2021-07-27 19:44 - 2021-07-27 19:44 - 000000000 ____D C:\Users\user\Documents\My Games
2021-07-27 19:32 - 2021-07-27 19:32 - 000000000 ____D C:\Users\user\AppData\Roaming\EasyAntiCheat
2021-07-27 19:32 - 2021-07-27 19:32 - 000000000 ____D C:\Users\user\AppData\Local\UnrealEngine
2021-07-27 19:32 - 2021-07-27 19:32 - 000000000 ____D C:\Users\user\AppData\Local\HLL
2021-07-27 19:32 - 2021-07-27 19:32 - 000000000 ____D C:\Users\user\AppData\Local\CrashReportClient
2021-07-27 19:32 - 2021-07-27 19:32 - 000000000 ____D C:\Users\user\AppData\Local\AWSToolkit
2021-07-27 19:30 - 2021-07-27 19:32 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-07-27 19:06 - 2021-07-27 19:06 - 000000214 _____ C:\Users\user\Desktop\Hell Let Loose.url
2021-07-27 03:01 - 2021-08-13 11:31 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-07-27 02:55 - 2021-07-27 02:55 - 000000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2021-07-27 02:55 - 2021-07-27 02:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2021-07-27 02:45 - 2021-07-27 02:45 - 000000214 _____ C:\Users\user\Desktop\DOOM.url
2021-07-27 02:34 - 2021-07-29 01:30 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2021-07-27 02:34 - 2021-07-28 23:13 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-07-27 02:34 - 2021-07-27 02:39 - 000000000 ____D C:\Windows\SysWOW64\directx
2021-07-27 02:34 - 2021-07-27 02:34 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2021-07-27 02:34 - 2021-07-27 02:34 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2021-07-27 02:30 - 2021-08-11 22:35 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-27 02:30 - 2021-07-29 15:16 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA
2021-07-27 02:30 - 2021-07-28 23:40 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-07-27 02:30 - 2021-07-28 23:39 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2021-07-27 02:30 - 2021-07-27 02:30 - 000000000 ____D C:\Users\user\ansel
2021-07-27 02:30 - 2021-07-12 08:32 - 000078192 _____ C:\Windows\system32\FvSDK_x64.dll
2021-07-27 02:30 - 2021-07-12 08:32 - 000067952 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2021-07-27 02:28 - 2021-07-29 00:16 - 000000000 ____D C:\Users\user\AppData\Roaming\LGHUB
2021-07-27 02:28 - 2021-07-29 00:05 - 000000000 ____D C:\Users\user\AppData\Local\LGHUB
2021-07-27 02:28 - 2021-07-27 02:28 - 001472048 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2021-07-27 02:28 - 2021-07-27 02:28 - 000056656 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_hid_filter.sys
2021-07-27 02:28 - 2021-07-27 02:28 - 000055624 _____ (Logitech) C:\Windows\system32\Drivers\logi_generic_hid_filter.sys
2021-07-27 02:28 - 2021-07-27 02:28 - 000045904 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_hid_lo.sys
2021-07-27 02:28 - 2021-07-27 02:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-07-27 02:28 - 2021-07-27 02:28 - 000000000 ____D C:\ProgramData\Logishrd
2021-07-27 02:27 - 2021-07-27 02:28 - 000000000 ____D C:\Program Files\LGHUB
2021-07-27 02:25 - 2021-07-27 02:25 - 000066896 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_xlcore.sys
2021-07-27 02:25 - 2021-07-27 02:25 - 000037200 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_bus_enum.sys
2021-07-27 02:25 - 2021-07-27 02:25 - 000025928 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_vir_hid.sys
2021-07-27 02:24 - 2021-07-27 02:28 - 000000000 ____D C:\ProgramData\LGHUB
2021-07-27 02:06 - 2021-07-27 02:06 - 000000214 _____ C:\Users\user\Desktop\Metro Exodus.url
2021-07-27 02:05 - 2021-07-29 21:35 - 000000000 ____D C:\Users\user\Documents\Project CARS 2
2021-07-27 02:05 - 2021-07-27 02:05 - 000000214 _____ C:\Users\user\Desktop\Project CARS 2.url
2021-07-27 02:05 - 2021-07-27 02:05 - 000000000 ____D C:\Programas
2021-07-27 02:03 - 2021-07-29 21:44 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-07-27 01:55 - 2021-07-27 01:55 - 000000000 ____D C:\Users\user\AppData\Local\Steam
2021-07-27 01:54 - 2021-07-27 01:54 - 000000689 _____ C:\Users\Public\Desktop\Steam.lnk
2021-07-27 01:54 - 2021-07-27 01:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-07-26 13:32 - 2021-07-26 13:32 - 000000000 ____D C:\Users\user\AppData\Local\Kaspersky Lab
2021-07-23 12:21 - 2021-07-23 12:21 - 000309104 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-07-23 12:17 - 2021-07-23 12:17 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2021-07-23 12:17 - 2021-07-23 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-07-23 12:16 - 2021-07-23 12:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-07-23 12:16 - 2021-07-23 12:17 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-07-23 12:16 - 2021-07-23 12:16 - 000263888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-07-23 12:16 - 2021-07-23 12:16 - 000224880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-07-23 12:16 - 2021-07-23 12:16 - 000115744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-07-23 12:16 - 2021-07-23 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-07-23 12:16 - 2021-07-23 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2021-07-23 12:16 - 2021-07-23 12:16 - 000000000 ____D C:\Program Files\Common Files\AV
2021-07-23 12:16 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-07-23 12:16 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-07-23 12:16 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-07-22 12:43 - 2021-08-06 19:34 - 000005286 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-SKID6P9-user DESKTOP-SKID6P9
2021-07-21 21:56 - 2021-07-21 21:56 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-07-21 21:56 - 2021-07-21 21:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-21 21:56 - 2021-07-21 21:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-21 21:56 - 2021-07-21 21:56 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-21 21:56 - 2021-07-21 21:56 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-21 21:55 - 2021-07-21 21:55 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-21 21:55 - 2021-07-21 21:55 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-07-21 21:55 - 2021-07-21 21:55 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-21 21:55 - 2021-07-21 21:55 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-07-21 21:55 - 2021-07-21 21:55 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-07-21 21:55 - 2021-07-21 21:55 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-21 21:55 - 2021-07-21 21:55 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-07-21 21:55 - 2021-07-21 21:55 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-21 21:55 - 2021-07-21 21:55 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-07-21 21:55 - 2021-07-21 21:55 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-07-21 21:55 - 2021-07-21 21:55 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-07-21 21:55 - 2021-07-21 21:55 - 000153600 _____ C:\Windows\system32\uwfcfgmgmt.dll
2021-07-21 21:55 - 2021-07-21 21:55 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-21 21:55 - 2021-07-21 21:55 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-21 21:55 - 2021-07-21 21:55 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-07-21 21:54 - 2021-07-21 21:54 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-21 21:54 - 2021-07-21 21:54 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-07-21 21:54 - 2021-07-21 21:54 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-07-21 21:54 - 2021-07-21 21:54 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-07-21 21:54 - 2021-07-21 21:54 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-07-21 21:54 - 2021-07-21 21:54 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-07-21 21:54 - 2021-07-21 21:54 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-07-21 21:54 - 2021-07-21 21:54 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-21 21:54 - 2021-07-21 21:54 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-07-21 21:49 - 2021-08-13 11:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-07-21 21:46 - 2021-08-12 18:19 - 000000000 ____D C:\Windows\system32\MRT
2021-07-21 18:57 - 2021-07-26 13:35 - 000000000 ____D C:\Users\user\AppData\Local\AVAST Software
2021-07-21 18:56 - 2021-07-21 18:56 - 000000000 ____D C:\Users\user\AppData\Local\CEF
2021-07-21 18:55 - 2021-07-21 18:55 - 000000000 ____D C:\Program Files\Avast Software
2021-07-21 18:53 - 2021-07-26 13:35 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-21 18:53 - 2021-07-21 18:53 - 000224544 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2021-07-21 18:18 - 2021-08-13 12:46 - 092274688 _____ C:\Windows\system32\config\SOFTWARE
2021-07-21 18:16 - 2021-07-21 18:18 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-07-21 16:16 - 2021-07-21 16:16 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
2021-07-21 16:09 - 2021-07-21 16:09 - 022791288 _____ C:\Users\user\Downloads\DSC_0318.NEF
2021-07-21 16:08 - 2021-07-21 16:09 - 023793588 _____ C:\Users\user\Downloads\DSC_0415.NEF
2021-07-21 16:08 - 2021-07-21 16:08 - 024670288 _____ C:\Users\user\Downloads\DSC_0395.NEF
2021-07-21 16:08 - 2021-07-21 16:08 - 024600264 _____ C:\Users\user\Downloads\DSC_0402.NEF
2021-07-21 12:27 - 2021-08-04 00:32 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-21 12:27 - 2021-07-22 13:25 - 000000000 ____D C:\Users\user\AppData\Local\Google
2021-07-21 12:26 - 2021-08-13 12:47 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-21 12:26 - 2021-08-05 05:32 - 000003590 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-21 12:26 - 2021-08-05 05:32 - 000003466 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-21 12:26 - 2021-07-21 12:31 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2021-07-21 12:26 - 2021-07-21 12:27 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-21 12:26 - 2021-07-21 12:26 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-21 12:26 - 2021-07-21 12:26 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-07-21 12:26 - 2021-07-21 12:26 - 000000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2021-07-21 12:26 - 2021-07-21 12:26 - 000000000 ____D C:\Users\user\AppData\Local\Mozilla
2021-07-21 12:26 - 2021-07-21 12:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-21 12:26 - 2021-07-21 12:26 - 000000000 ____D C:\Program Files\Google
2021-07-21 12:26 - 2021-07-21 12:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-21 11:34 - 2021-07-28 03:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-07-21 11:34 - 2021-07-28 03:52 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-07-21 11:34 - 1999-12-31 21:00 - 000943112 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2021-07-21 11:34 - 1999-12-31 21:00 - 000082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2021-07-21 11:32 - 2021-07-21 11:32 - 001669056 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2021-07-21 11:32 - 2021-07-21 11:32 - 000002339 _____ C:\Users\user\Documents\Intel® Rapid Storage Technology.lnk
2021-07-21 11:32 - 2021-07-21 11:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-07-21 11:32 - 2021-07-21 11:32 - 000000000 ____D C:\Users\user\Intel
2021-07-21 11:32 - 2021-07-21 11:32 - 000000000 ____D C:\Users\user\AppData\Roaming\Intel Corporation
2021-07-21 11:32 - 2021-07-21 11:32 - 000000000 ____D C:\ProgramData\Intel
2021-07-21 11:31 - 2021-07-21 11:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2021-07-21 11:31 - 2021-07-21 11:31 - 000000000 ____D C:\Program Files\Synaptics
2021-07-21 11:30 - 2021-07-21 11:30 - 000000000 ____D C:\Users\user\AppData\Local\PeerDistRepub
2021-07-21 11:30 - 1999-12-31 21:00 - 000033960 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2021-07-21 11:29 - 2021-07-29 21:19 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-21 11:29 - 2021-07-21 12:24 - 000000000 ____D C:\Users\user\AppData\Local\MSfree Inc
2021-07-21 11:29 - 2021-07-21 11:32 - 000000000 ____D C:\Program Files\Intel
2021-07-21 11:29 - 2021-07-21 11:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2021-07-21 11:28 - 2021-07-21 11:28 - 000000000 ____D C:\ProgramData\Adobe
2021-07-21 11:28 - 2021-07-21 11:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-21 11:26 - 2021-07-28 23:38 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-07-21 11:25 - 2021-08-09 22:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-07-21 11:25 - 2021-07-28 23:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-07-21 11:25 - 2021-07-28 23:39 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-07-21 11:24 - 2021-07-21 11:24 - 000000000 ____D C:\Windows\PCHEALTH
2021-07-21 11:24 - 2021-07-21 11:24 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-07-21 11:24 - 2021-07-21 11:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-07-21 11:24 - 2021-07-21 11:24 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-07-21 11:24 - 2021-07-13 13:57 - 007280312 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-07-21 11:24 - 2021-07-13 13:57 - 006215792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-07-21 11:24 - 2021-07-12 08:32 - 000136472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-07-21 11:22 - 2021-07-29 21:48 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2021-07-21 11:22 - 2021-07-21 11:22 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-07-21 11:22 - 2021-07-21 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-07-21 11:21 - 2021-07-21 11:25 - 000000000 ____D C:\Windows\SHELLNEW
2021-07-21 11:21 - 2021-07-21 11:24 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-21 11:21 - 2021-07-21 11:21 - 000000000 __RHD C:\MSOCache
2021-07-21 11:21 - 2021-07-21 11:21 - 000000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2021-07-21 11:21 - 2021-07-21 11:21 - 000000000 ____D C:\Users\user\AppData\Local\Comms
2021-07-21 11:21 - 2021-07-21 11:21 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2021-07-21 11:21 - 2021-07-21 11:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-07-21 11:21 - 2021-07-21 11:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2021-07-21 11:07 - 2021-07-21 18:11 - 000000000 __SHD C:\Users\user\AppData\Local\Microsoft Windows
2021-07-21 11:07 - 2021-07-21 11:35 - 000000000 ____D C:\Program Files (x86)\WinRAR
2021-07-21 11:07 - 2021-07-21 11:11 - 000000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2021-07-21 10:58 - 2021-08-13 12:51 - 001746318 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-21 10:58 - 2021-07-23 13:27 - 000000000 ___RD C:\Users\user\OneDrive
2021-07-21 10:57 - 2021-07-21 10:57 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-07-21 10:56 - 2021-08-09 23:17 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2021-07-21 10:56 - 2021-07-30 06:13 - 000000000 ____D C:\Users\user\AppData\Local\ConnectedDevicesPlatform
2021-07-21 10:56 - 2021-07-29 21:48 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-07-21 10:56 - 2021-07-26 13:59 - 000000000 ____D C:\ProgramData\Packages
2021-07-21 10:56 - 2021-07-21 10:56 - 000000000 ___RD C:\Users\user\3D Objects
2021-07-21 10:56 - 2021-07-21 10:56 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2021-07-21 10:56 - 2021-07-21 10:56 - 000000000 ____D C:\Users\user\AppData\Local\VirtualStore
2021-07-21 10:56 - 2021-07-21 10:56 - 000000000 ____D C:\Users\user\AppData\Local\Publishers
2021-07-21 10:55 - 2021-07-21 10:55 - 000000020 ___SH C:\Users\user\ntuser.ini
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Modelos
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Meus Documentos
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Menu Iniciar
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Documents\Minhas Músicas
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Documents\Minhas Imagens
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Documents\Meus Vídeos
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Dados de Aplicativos
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Configurações Locais
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\AppData\Local\Histórico
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\AppData\Local\Dados de Aplicativos
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Ambiente de Rede
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 _SHDL C:\Users\user\Ambiente de Impressão
2021-07-21 10:55 - 2021-07-21 10:55 - 000000000 ____D C:\Windows\CSC
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Usuário Padrão
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Todos os Usuários
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Public\Documents\Minhas Músicas
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Public\Documents\Minhas Imagens
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Public\Documents\Meus Vídeos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Modelos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Meus Documentos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Menu Iniciar
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Documents\Minhas Músicas
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Documents\Minhas Imagens
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Documents\Meus Vídeos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Dados de Aplicativos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Configurações Locais
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Ambiente de Rede
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Users\Default\Ambiente de Impressão
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\ProgramData\Modelos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\ProgramData\Menu Iniciar
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\ProgramData\Documentos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\ProgramData\Dados de Aplicativos
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Program Files\Common Files\Sistema
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Program Files\Arquivos Comuns
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Documents and Settings
2021-07-21 10:53 - 2021-07-21 10:53 - 000000000 _SHDL C:\Arquivos de Programas
2021-07-21 10:52 - 2021-08-13 12:47 - 000447360 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-21 10:52 - 2021-08-13 12:46 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-21 10:52 - 2021-08-13 12:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-21 10:52 - 2021-08-13 12:45 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-21 10:52 - 2021-08-13 11:31 - 000003618 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-21 10:52 - 2021-08-13 11:31 - 000003494 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-21 10:52 - 2021-08-06 19:34 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-21 10:52 - 2021-07-22 11:58 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-21 10:52 - 2021-07-21 10:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-07-21 10:52 - 2021-07-21 10:52 - 000000000 ____D C:\Windows\ServiceProfiles
2021-07-21 10:51 - 2021-07-23 12:28 - 000000000 ____D C:\Windows\Panther

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-08-13 12:57 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-08-13 12:52 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-13 12:52 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2021-08-13 12:51 - 2019-12-07 11:53 - 000753728 _____ C:\Windows\system32\prfh0416.dat
2021-08-13 12:51 - 2019-12-07 11:53 - 000149340 _____ C:\Windows\system32\prfc0416.dat
2021-08-13 12:51 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2021-08-13 12:47 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-13 12:46 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellComponents
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-08-13 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2021-08-13 12:46 - 2019-12-07 06:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-08-13 12:46 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\servicing
2021-08-13 11:46 - 2019-12-07 06:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-08-13 11:43 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2021-08-09 22:14 - 2019-12-07 06:14 - 000000167 _____ C:\Windows\win.ini
2021-08-09 22:13 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-08-05 05:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\MUI
2021-08-05 05:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\MUI
2021-07-31 17:21 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-30 23:23 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-07-23 12:20 - 2021-02-19 21:09 - 000096008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpnpflt.sys
2021-07-22 12:00 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\appcompat
2021-07-22 11:58 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-07-21 22:42 - 2019-12-07 11:54 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\Provisioning
2021-07-21 22:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\DiagTrack
2021-07-21 21:57 - 2019-12-07 11:56 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-07-21 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-07-21 11:21 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-07-21 11:12 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-21 10:55 - 2019-12-07 11:54 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-07-21 10:55 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\spool
2021-07-21 10:53 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Windows NT
2021-07-21 10:51 - 2019-12-07 06:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== Arquivos na raiz de alguns diretórios ========

2021-07-29 15:16 - 2021-08-12 18:18 - 000000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2021-07-30 22:58 - 2021-07-30 22:58 - 000007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Addition

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 11-08-2021
Executado por user (13-08-2021 12:59:39)
Executando a partir de C:\Users\user\Downloads
Windows 10 Pro Versão 21H1 19043.1165 (X64) (2021-07-21 13:53:54)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-162750532-2239188513-3536986092-500 - Administrator - Disabled)
Convidado (S-1-5-21-162750532-2239188513-3536986092-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-162750532-2239188513-3536986092-503 - Limited - Disabled)
user (S-1-5-21-162750532-2239188513-3536986092-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-162750532-2239188513-3536986092-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15_Beta2 - tippach engineering)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.57.44284 - Electronic Arts)
Custom Shop 2.0.0 (HKLM\...\5b86c39c-6f2f-52a0-a1b0-9b9fc743254c) (Version: 2.0.0 - IK Multimedia)
Custom Shop version 2.0.0 (HKLM\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 2.0.0 - IK Multimedia)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.7.91 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 90.0.1 (x64 pt-BR)) (Version: 90.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.1 - Mozilla)
MSI Afterburner 4.6.4 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.4 Beta 3 - MSI Co., LTD)
MSI Kombustor 4.1.12.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version:  - MSI / Geeks3D)
NVIDIA Driver de áudio HD 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Driver de gráficos 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8273 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
RivaTuner Statistics Server 7.3.2 Beta 2 (HKLM-x32\...\RTSS) (Version: 7.3.2 Beta 2 - Unwinder)
RogueKiller version 15.0.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.9.0 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Software de dispositivo do Chipset Intel® (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)

Packages:
=========
Forza Motorsport 7 -> C:\Program Files\WindowsApps\Microsoft.ApolloBaseGame_1.174.4791.2_x64__8wekyb3d8bbwe [2021-07-29] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-28] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-05] (Spotify AB) [Startup Task]

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-162750532-2239188513-3536986092-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-02-17] () [Arquivo não assinado]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-02-17] () [Arquivo não assinado]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-28] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-02-17] () [Arquivo não assinado]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-02-17] () [Arquivo não assinado]
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-28] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-07-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-02-17] () [Arquivo não assinado]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-02-17] () [Arquivo não assinado]
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-28] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Arquivo não assinado]

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\user\Desktop\Equipos (real).xlsx - Microsoft Excel Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ompjkebljocidehocnjnkghphdibibil
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Equipos (real).xlsx - Microsoft Excel Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ompjkebljocidehocnjnkghphdibibil

==================== Módulos Carregados (Whitelisted) =============

2021-07-21 11:07 - 2012-02-17 20:55 - 000193536 _____ () [Arquivo não assinado] C:\Program Files (x86)\WinRAR\rarext64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2021-08-05 13:48 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-162750532-2239188513-3536986092-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: kpm_launch_service => 3
MSCONFIG\Services: KSDE5.3 => 2
MSCONFIG\Services: LGHUBUpdaterService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: rkrtservice => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-162750532-2239188513-3536986092-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-162750532-2239188513-3536986092-1001\...\StartupApproved\Run: => "LGHUB"
HKU\S-1-5-21-162750532-2239188513-3536986092-1001\...\StartupApproved\Run: => "Steam"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [TCP Query User{550301D6-FA9C-439A-BB34-0B33FA0C06C7}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{B40A0701-55FF-4E52-B6C4-FE956AB2AB6B}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7ECCCC3C-EF6B-42F9-BD70-99D158DB9BA8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{634FDAF4-8A56-44A6-8F14-57F11655B32B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74E21DA7-D7F7-4A52-B883-0E4BDC6B8D85}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C30E83B-F1D9-4A9C-81D1-85A6C19A27D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90A2F699-8442-40B4-A3F6-049DE84AAD5E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CB8412E1-020E-463C-AECD-CEC61D56E79B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{151B2274-C79E-4E75-B46E-15F24CA930E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{083C2B2E-58AB-448F-8B60-A228AA8801B2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D26972A7-DADA-4950-8401-BE77FA104B52}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F507955-38FB-44C0-8270-0FABC615D017}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DCE09885-2141-465A-B4FE-A33FC3CF629F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E7CF4665-FEBC-4AA6-9E62-3554C14198F4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Pontos de Restauração =========================

11-08-2021 22:43:30 sistema
13-08-2021 11:34:52 Instalador de Módulos do Windows

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (08/13/2021 11:43:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em BACKUP2 (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/13/2021 11:43:52 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em BACKP1 (D:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/13/2021 11:31:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: wwahost.exe, versão: 10.0.19041.789, carimbo de data/hora: 0x9bbd7506
Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.19041.1110, carimbo de data/hora: 0x4809adf2
Código de exceção: 0xc0000409
Deslocamento da falha: 0x000000000010bd3e
ID do processo com falha: 0x1b18
Hora de início do aplicativo com falha: 0x01d7904fd6d05eeb
Caminho do aplicativo com falha: C:\Windows\system32\wwahost.exe
Caminho do módulo com falha: C:\Windows\System32\KERNELBASE.dll
ID do Relatório: 55b44f6a-82e8-4c67-aa8e-001423208b6d
Nome completo do pacote com falha: Microsoft.Windows.CloudExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
ID do aplicativo relativo ao pacote com falha: App

Error: (08/09/2021 10:13:34 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (08/09/2021 10:13:34 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/05/2021 02:12:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em BACKUP2 (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/05/2021 02:11:52 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em BACKP1 (D:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/05/2021 01:41:34 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007


Erros de Sistema:
=============
Error: (08/13/2021 12:46:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado

Error: (08/12/2021 01:42:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado

Error: (08/11/2021 10:45:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado

Error: (08/11/2021 10:45:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: 
Acesso negado.

Error: (08/11/2021 10:35:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado

Error: (08/09/2021 11:28:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Origin Web Helper Service devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (08/09/2021 11:27:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado

Error: (08/06/2021 07:51:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado


Windows Defender:
================
Date: 2021-07-22 12:44:50
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {7DA8E225-AA0E-4F5D-96A5-1C7F28D1F05E}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-21 18:02:10
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Ransom:Win32/StopCrypt.MYK!MTB&threatid=2147785422&enterprise=0
Nome: Ransom:Win32/StopCrypt.MYK!MTB
Gravidade: Grave
Categoria: Ransomware
Caminho: file:_D:\Users\user\AppData\Local\Temp\setup_installer.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-SKID6P9\user
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.343.1390.0, AS: 1.343.1390.0, NIS: 1.343.1390.0
Versão do Mecanismo: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-21 18:02:10
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Nome: HackTool:Win32/Keygen
Gravidade: Alto
Categoria: Ferramenta
Caminho: file:_D:\Games\The Elder Scrolls - Skyrim - Special Edition\steam_api64.dll
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-SKID6P9\user
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.343.1390.0, AS: 1.343.1390.0, NIS: 1.343.1390.0
Versão do Mecanismo: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-21 18:02:10
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/KrypInject&threatid=2147735095&enterprise=0
Nome: Trojan:Win32/KrypInject
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: containerfile:_C:\Users\user\AppData\Local\Microsoft Windows\default.exe; file:_C:\Users\user\AppData\Local\Microsoft Windows\default.exe->[RSRCEmb]#4
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-SKID6P9\user
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.343.1390.0, AS: 1.343.1390.0, NIS: 1.343.1390.0
Versão do Mecanismo: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-21 18:02:10
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/KryptInject&threatid=2147726140&enterprise=0
Nome: Trojan:Win32/KryptInject
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: containerfile:_C:\Users\user\AppData\Local\Microsoft Windows\default.exe; file:_C:\Users\user\AppData\Local\Microsoft Windows\default.exe->(VFS:taskWin.exe#3); file:_C:\Users\user\AppData\Local\Microsoft Windows\default.exe->[RSRCEmb]#3
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-SKID6P9\user
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.343.1390.0, AS: 1.343.1390.0, NIS: 1.343.1390.0
Versão do Mecanismo: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-21 15:25:33
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 
Versão da Inteligência de Segurança anterior: 1.343.1390.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 
Versão Anterior do Mecanismo: 1.1.18300.4
Código de Erro: 0x80240438
Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. 

CodeIntegrity:
===============
Date: 2021-08-13 12:51:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2021-08-12 19:43:12
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.


==================== Informações da Memória =========================== 

BIOS: American Megatrends Inc. 3019 01/06/2017
placa-mãe: ASUSTeK COMPUTER INC. H110M-C/BR
Processador: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz
Percentagem de memória em uso: 35%
RAM física total: 8132.3 MB
RAM física disponível: 5210.94 MB
Virtual Total: 13252.3 MB
Virtual disponível: 8611.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.17 GB) (Free:5.95 GB) NTFS
Drive d: (BACKP1) (Fixed) (Total:638.54 GB) (Free:65.69 GB) NTFS
Drive e: (BACKUP2) (Fixed) (Total:292.97 GB) (Free:103.55 GB) NTFS

\\?\Volume{ad2754df-1afb-4b4c-8ae8-78e33d2fad47}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{22484766-6f55-4b0c-82ca-66056cac8b38}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 3485EC3C)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fim de Addition.txt =======================

 


  • Security Analyst

@k00rg

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
Task: {31EF498F-AA6D-4C0A-9E13-66A9445C5402} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {32F51B15-97CF-4860-9E26-E9A7AD52454F} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {54861B05-487B-44D6-8A23-52301CCAA576} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {5CAEEABD-4745-401C-9305-D700267D7FC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E22BAC2-7F7F-4D4F-A6B7-39C569544217} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {842B53E1-0E32-404D-B1FB-22A81D681106} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-21] (Google LLC -> Google LLC)
Task: {96DC1986-1C34-4940-B089-3537BFC9CF3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-21] (Google LLC -> Google LLC)
Task: {97861DB0-98A2-412C-9BA9-DEFC23C5618E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A77E3340-7CB2-4B5B-8BBE-BFFE52C51960} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-SKID6P9-user DESKTOP-SKID6P9 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [470720 2016-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E365ECE2-6107-4D80-B9B5-9604835E6FBA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682424 2021-07-16] (Mozilla Corporation -> Mozilla Foundation)
File: C:\Windows\system32\rtvcvfw64.dll;C:\Windows\SysWOW64\rtvcvfw32.dll
CloseProcesses:
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users: right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the button image.png

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Here is the log

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-08-2021
Executado por user (17-08-2021 20:32:38) Run:1
Executando a partir de C:\Users\user\Desktop
Perfis Carregados: user
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
Task: {31EF498F-AA6D-4C0A-9E13-66A9445C5402} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {32F51B15-97CF-4860-9E26-E9A7AD52454F} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {54861B05-487B-44D6-8A23-52301CCAA576} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {5CAEEABD-4745-401C-9305-D700267D7FC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E22BAC2-7F7F-4D4F-A6B7-39C569544217} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {842B53E1-0E32-404D-B1FB-22A81D681106} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-21] (Google LLC -> Google LLC)
Task: {96DC1986-1C34-4940-B089-3537BFC9CF3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-21] (Google LLC -> Google LLC)
Task: {97861DB0-98A2-412C-9BA9-DEFC23C5618E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A77E3340-7CB2-4B5B-8BBE-BFFE52C51960} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-SKID6P9-user DESKTOP-SKID6P9 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [470720 2016-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E365ECE2-6107-4D80-B9B5-9604835E6FBA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682424 2021-07-16] (Mozilla Corporation -> Mozilla Foundation)
File: C:\Windows\system32\rtvcvfw64.dll;C:\Windows\SysWOW64\rtvcvfw32.dll
CloseProcesses:
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
HKLM\SOFTWARE\Policies\Mozilla => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31EF498F-AA6D-4C0A-9E13-66A9445C5402}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31EF498F-AA6D-4C0A-9E13-66A9445C5402}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\WinZip Update Notifier 2 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinZip Update Notifier 2" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32F51B15-97CF-4860-9E26-E9A7AD52454F}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32F51B15-97CF-4860-9E26-E9A7AD52454F}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\WinZip Update Notifier 3 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinZip Update Notifier 3" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54861B05-487B-44D6-8A23-52301CCAA576}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54861B05-487B-44D6-8A23-52301CCAA576}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\WinZip Update Notifier 1 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinZip Update Notifier 1" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CAEEABD-4745-401C-9305-D700267D7FC9}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CAEEABD-4745-401C-9305-D700267D7FC9}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E22BAC2-7F7F-4D4F-A6B7-39C569544217}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E22BAC2-7F7F-4D4F-A6B7-39C569544217}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{842B53E1-0E32-404D-B1FB-22A81D681106}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{842B53E1-0E32-404D-B1FB-22A81D681106}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96DC1986-1C34-4940-B089-3537BFC9CF3F}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96DC1986-1C34-4940-B089-3537BFC9CF3F}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97861DB0-98A2-412C-9BA9-DEFC23C5618E}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97861DB0-98A2-412C-9BA9-DEFC23C5618E}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A77E3340-7CB2-4B5B-8BBE-BFFE52C51960}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A77E3340-7CB2-4B5B-8BBE-BFFE52C51960}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-SKID6P9-user DESKTOP-SKID6P9 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Office 15 Sync Maintenance for DESKTOP-SKID6P9-user DESKTOP-SKID6P9" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E365ECE2-6107-4D80-B9B5-9604835E6FBA}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E365ECE2-6107-4D80-B9B5-9604835E6FBA}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => removido (a) com sucesso.

========================= File: C:\Windows\system32\rtvcvfw64.dll;C:\Windows\SysWOW64\rtvcvfw32.dll ========================

C:\Windows\system32\rtvcvfw64.dll
Arquivo não assinado
MD5: AF47D6660569DFA46BC4E1CD21E1624B
Data de criação e modificação: 2012-09-28 16:45 - 2012-09-28 16:45
Tamanho: 000246272
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/a126f29f665ba1b94392165cdcc6ffa0fdbfc330f5dde12dcaecd4c371b22681/detection/f-a126f29f665ba1b94392165cdcc6ffa0fdbfc330f5dde12dcaecd4c371b22681-1629211315

C:\Windows\SysWOW64\rtvcvfw32.dll
Arquivo não assinado
MD5: 03944ABAE856DC164BD167526E07E953
Data de criação e modificação: 2012-09-28 16:45 - 2012-09-28 16:45
Tamanho: 000247296
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/746f4ccfd2752bc9e741977772647e00e63c340c57599008d6e900a24e40ad50/detection/f-746f4ccfd2752bc9e741977772647e00e63c340c57599008d6e900a24e40ad50-1629203319

====== Fim de File: ======

Processos fechados com sucesso.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-162750532-2239188513-3536986092-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-162750532-2239188513-3536986092-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53424045 B
Java, Flash, Steam htmlcache => 235575041 B
Windows/system/drivers => 4614391 B
Edge => 0 B
Chrome => 423716801 B
Firefox => 66588048 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 129426 B
NetworkService => 141812 B
user => 2864761 B

RecycleBin => 2303250 B
EmptyTemp: => 760.6 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 20:33:12 ====


  • 2 weeks later...
  • Security Analyst

Topic archived

As the author did not reply to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact a Security Analyst or Coordinator to request that it be unlocked.

 
